v6.0.0 — Wave 1 Observability Release (Institutional Audit Traceability)

super-legal-mcp-refactored/CHANGELOG.md

@@ -2,6 +2,40 @@
 
 All notable changes to the Super Legal MCP Server are documented in this file.
 
+## [6.0.0] - 2026-04-18
+
+### Feature — Wave 1 Observability Release (Institutional Audit Traceability)
+
+Adds four observability capabilities behind feature flags (all default OFF) to close gaps identified in an institutional-buyer audit against PE/IB/M&A/IC requirements. 26 commits, 45 files changed, +6530/-888 LOC, 165 unit + integration tests.
+
+**Deployment note**: `RAW_SOURCE_ARCHIVE=true` requires `EXA_WEB_TOOLS=true` to capture web activity. All other flags are independent. See `docs/runbooks/wave-1-deploy.md` for the 5-stage flag rollout with 24-48h soaks.
+
+**GitHub PR:** [#76](https://github.com/Number531/Legal-API/pull/76)
+
+#### #3 — Raw-Source Archive (content-addressed, per-session)
+
+Persists every raw external API response (SEC filings, CourtListener opinions, Exa search results, FRED data, EPA records, etc.) as content-addressed files in a per-session pool. Each session is a self-contained audit bundle — legal hold, retention, deletion, and export all align with session boundaries.
+
+- **Capture layer**: `wrapWithConversation()` middleware in `toolImplementations.js` — wraps all 163 MCP tool handlers
+- **Storage**: `reports/{session_id}/raw-sources/{ab}/{cd}/{hash}.{ext}.gz` — sharded, gzip-compressed, mode 0444, atomic write
+- **Integrity**: SHA-256 content-addressed filenames; recomputed on every read
+- **Dedup**: within-session dedup by hash; cross-session duplication accepted for self-containment
+- **Secret sanitization**: scrubs Authorization headers, API keys, AWS keys, JWTs, PEM private keys
+- **Live-tested**: 287 unique sources captured across 21 tool types
+- **Flag**: `RAW_SOURCE_ARCHIVE=false` (default)
+
+#### #8 — Prompt-Injection Detection on Tool Outputs
+
+Lightweight regex detector (6 patterns, confidence scoring). Detection + logging only, no hard block. FP-resistant against SEC/legal text. **Flag**: `PROMPT_INJECTION_DETECTION=false`
+
+#### #12 — Per-Tool Latency Histograms (P50/P95/P99)
+
+Histogram labels `[tool, status]` → `[tool_name, client, status]`. Percentile SQL on `/api/analytics/tools/health`. Composite index on `hook_audit_log`. Always-on (no flag). **Breaking**: Prometheus queries must migrate `tool=` → `tool_name=`.
+
+#### #13 — 7-Day SLA Dashboard per External API
+
+Frontend panel + `GET /api/analytics/sla/7day`. Success rate, P95 latency, fallback count per API client. **Flag**: `SLA_TELEMETRY=false`
+
 ## [5.9.2] - 2026-04-17
 
 ### Fixed — Federal Register agency slugs + GovInfo USC Section resolver